third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/webvtt-cross-origin.https.html

<!DOCTYPE html>
<meta charset="utf-8">
<title>cross-origin webvtt returned by service worker is detected</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="resources/test-helpers.sub.js?pipe=sub"></script>
<body>
<script>
// This file tests opaque responses for WebVTT text track. It creates
// an iframe with a <track> element, controlled by a service worker.
// Each test tries to load a text track, the service worker intercepts the
// requests and responds with opaque or non-opaque responses. The opaque
// responses should result in load errors.

const host_info = get_host_info();
const kScript = 'resources/fetch-rewrite-worker.js';
// Add '?ignore' so the service worker falls back for the navigation.
const kScope = 'resources/vtt-frame.html?ignore';
let frame;

function load_track(url) {
  const track = frame.contentDocument.querySelector('track');
  const result = new Promise((resolve, reject) => {
      track.onload = (e => {
          resolve('load event');
        });
      track.onerror = (e => {
          resolve('error event');
        });
    });

  track.src = url;
  // Setting mode to hidden seems needed, or else the text track requests don't
  // occur.
  track.track.mode = 'hidden';
  return result;
}

promise_test(t => {
    return service_worker_unregister_and_register(t, kScript, kScope)
      .then(registration => {
          promise_test(() => {
              frame.remove();
              return registration.unregister();
            }, 'restore global state');

          return wait_for_state(t, registration.installing, 'activated');
        })
      .then(() => {
          return with_iframe(kScope);
        })
      .then(f => {
          frame = f;
        })
  }, 'initialize global state');

promise_test(t => {
    let url = '/media/foo.vtt';
    // Add '?url' and tell the service worker to return a same-origin URL.
    url += '?url=' + host_info.HTTPS_ORIGIN + '/media/foo.vtt';
    return load_track(url)
      .then(result => {
          assert_equals(result, 'load event');
        });
  }, 'same-origin text track should load');

promise_test(t => {
    let url = '/media/foo.vtt';
    // Add '?url' and tell the service worker to return a cross-origin URL.
    url += '?url=' + get_host_info().HTTPS_REMOTE_ORIGIN + '/media/foo.vtt';
    return load_track(url)
      .then(result => {
          assert_equals(result, 'error event');
        });
  }, 'cross-origin text track with no-cors request should not load');

promise_test(t => {
    let url = '/media/foo.vtt';
    // Add '?url' and tell the service worker to return a cross-origin URL that
    // doesn't support CORS.
    url += '?url=' + get_host_info().HTTPS_REMOTE_ORIGIN +
        '/media/foo-no-cors.vtt';
    // Add '&mode' to tell the service worker to do a CORS request.
    url += '&mode=cors';
    return load_track(url)
      .then(result => {
          assert_equals(result, 'error event');
        });
  }, 'cross-origin text track with rejected cors request should not load');

promise_test(t => {
    let url = '/media/foo.vtt';
    // Add '?url' and tell the service worker to return a cross-origin URL.
    url += '?url=' + get_host_info().HTTPS_REMOTE_ORIGIN + '/media/foo.vtt';
    // Add '&mode' to tell the service worker to do a CORS request.
    url += '&mode=cors';
    // Add '&credentials=anonymous' to allow Access-Control-Allow-Origin=*.
    url += '&credentials=anonymous';
    return load_track(url)
      .then(result => {
          assert_equals(result, 'load event');
        });
  }, 'cross-origin text track with approved cors request should load');
</script>
</body>